Docker Machines good for Non-SysAdmins?

#1

Hi
I just read the documentation about Webdevelopment with Docker and deploying to Docker Machines. It seems to to be recommended as the easiest way for local and production development with wappler.

But the severs I can create on digitalocean, hetzner etc are full (cloud/vps) root-server, right? That means I am in complete charge for maintaining (securety, updates etc) for this server, right?
I have not jet worked with docker before, but I can’t imagine that this is a very easy thing everybody can (an should) do?!?

I have set up VPS before and when working with cpanel or plesk it’s also not very complicated to get the server running. But everytime when something is not working, it can take me hours to fix this because I don’t know all the things running in the background. That’s why I went back to shared/managed hosting for most of my php-projects. I fear I get the same server management troubles when using docker for nodejs.

So what would you say? Are these Docker Machines so easy to manage that really everybody can do this without being an server admin? Or would you recommend an other hosting solution for people who want to invest as little time in server-management als possible.

BTW: I’m currently running my fist nodeJS project on a namecheap shared hosting with nodejs-support. I thought this would make things easy, but I also spend 4h with trouble with incompatibly with nodesj-versions, errors on npm install and openSSL. So I’m looking for a better solution.

Configuring firewall in VPS when using Docker Machines — is it necessary?
2022: The Year in Review
#2

Hi. If your project is on nodejs with docker the easiest is to just deploy on something like digitalocean with this guide when you’re ready to go into production/live:

https://community.wappler.io/t/docker-part-4-deploy-in-seconds-to-the-cloud-with-docker-machines/14373

All within Wappler and digitalocean is not that expensive

1 Like
#3

I’m a non-dev too and nodejs + docker is just easy for people like us.
I have aws and didn’t have any problem to set up everything, i can’t say i understood everything i did but at least it was really painless.
No brainer for me as you have nothing to manage etc.

2 Likes
#4

True, it seems to be the “Wappler” way of deploying stuff. That being said, it’s worth mentioning Docker-Machine is deprecated, so it’ll be up to Wappler to fix stuff if it breaks.

Right, you get root access with VPS servers, which includes DigitalOcean and Hetzner.

Right, as a system administrator you’re responsible for applying security updates and such. You could also configure the server to regularly apply updates by itself (unattended updates).

Prefer not to comment on this portion of the text yet

Getting started is easy, but either people use a managed database solution (like DigitalOcean’s Managed Database) or they’ll lose their data when the VPS fails and realize they don’t have backups. The benefit of shared hosting is someone else is taking care of that for you (despite you should always keep your own backups).

Definitely, Docker would make things easier in that sense - everything would be setup exactly as the Wappler team wants.

But, if your website is famous enough and you get hit with a DDoS attack, you’re effectively the SysAdmin, responsible for mitigating the attack at HTTP/HTTPS level. The same can also be said if the VPS crashes due to a hardware fault and you have to recover a broken database - Docker-Machine by itself will not save you as it does not know how to recover a broken database, it only knows how to run it.

When using shared hosting, recovering a broken database is someone else’s job - even if it just means recovering from a backup of the previous day.

Docker-Machine seems a good solution for regular Wappler users due to being officially supported by Wappler (despite no longer being supported by the Docker team), just be aware of the limitations when stuff breaks to hardware failure and other catastrophes.

I personally use Caprover as I don’t want to get tied to Docker-Machine (due to its future uncertainty), but you still have the role of SysAdmin in case stuff breaks.

Overall I think it’s ok to use Docker-Machine, due to first-hand Wappler support.

4 Likes
Ludicrous Node Services environments 2021
#5

Setup is easy, no question. But maintainance?

What about firewalls, updates and backups on your VPS?

#6

With AWS there is a lot of documentation and it’s quite straightforward to be honest.

#7

Wow, thanks for sind detailed response.

Oh, did not know this.

That is the exact reason why I would like to say on a managed solution as long as possible, even if there are a few limitations and it’s a little bit more expensive. But if the limitations cause incompatibility like here, it’s no help.

Capover looks interesting. But in the end, isn’t it similar to something like cpanel where you have a GUI to manage our server and services, just based on docker?
I personally use aapanel. It also supports nodejs and docker and it’s quite easy. But still not es robust as a managed app platform.

So what do you think would be the the most worry-free way to host a nodejs app? Is there a “regular” hoster specialized in nodejs? Or something like digital ocean app plattform or heroku even if pricing is much higher?

#8

Yes, that’s pretty much it. I’m also looking forward the release of Coolify v2 - seems it’s going to bring a lot of goodies, such as cronjobs and backups. I’m really excited about it! May be worth waiting a few weeks.

I haven’t heard of aaPanel before, just checked it and it definitely has some interesting features! The nginx WAF plug-in caught my attention

We wish :slight_smile:

Using a PaaS (like DigitalOcean App Platform or Heroku) would probably be the most worry-free to host a NodeJS app, followed by a proper shared hosting with NodeJS support (cPanel, CloudLinux, SSH access, NodeJS support, JetBackup, nginx or LiteSpeed, and maybe Immunify 360* or BitNinja* to handle attacks).

* no personal experience with those

Heroku is too expensive for me. I’ve never tried DigitalOcean’s App Platform, but I figure it’s a safe bet. I’ve also used Clever-Cloud before, which initially had some reliability issues but I think they’ve fixed them over time as some fairly big companies are using them.

I’ve actually considered (and I’m still considering) developing a proper shared hosting (PaaS/CaaS) for NodeJS/MariaDB/PostgreSQL/Redis given my past struggles finding a proper worry-free hosting solution. To date, I’ve not found a proper shared hosting for NodeJS with all the goodies (e.g.: Postgres or Redis).

If you can setup your NodeJS project on shared hosting, that’s the most affordable way while having a minimally managed solution. The more expensive alternative is going for a PaaS.

For more exotic projects you can use a PaaS, for more standard projects you can use regular shared hosting. I think once the project is setup on shared hosting it won’t mysteriously break. Just pick a shared hosting with cPanel, CloudLinux, SSH access, JetBackup, nginx or LiteSpeed, maybe something with Immunify 360* or BitNinja* - it’s hard to find a proper provider with all these things!

* no personal experience with those

Edit: For cPanel shared hosting, I recommend a reseller account, to separate projects. Otherwise, they’ll all run under the same user, which could be a security risk if one app is compromised

1 Like
I'd like to hire an expert dev to consult with on how exactly do I set up my project
#9

The team at Cloud Linux are superb! We used Immunify 360 for years as hosts. The other alternative is CloudFlare Pro for around twenty Dollars a month, their WAF is also pretty good to be honest, and their DDOS mitigation tools are class leading… ModSecurity rule sets are also another great resource with a few Vendors offering some very sophisticated rules with regular updates. If you have access to implement them…

1 Like
server-Hosting
#10

If you do, keep me updated!

buy the way: How do you manage cronjobs, backups, firewalls etc on your current Caprover setup? It seems to be the most mature docker hosting management panel, but also missing these features.

#11

CapRover is good but somewhat barebones, it doesn’t have many of those goodies by default. For cronjobs you’d need to install a cronjob software (it’s on the one-click apps on Caprover, I don’t remember the name), for backups I’m currently relying on my provider’s daily automatic backups of the VPS, for firewalls it depends if you just want to block ports (iptables, ufw or your provider’s firewall if they have one [Edit: using iptables/ufw with Docker requires more work, I’m having a hard time setting it up, better use your provider’s firewall) or if you want to mitigate DDoS attacks where you need to override the default nginx configuration (surprisingly, the panel allows you to) to add some rate limit detection, and optionally install fail2ban to monitor nginx logs and block the offending IP addresses.

Personally, I’m looking towards the release of Coolify v2 to see what it brings to the table. Until then, I see CapRover as being my preferred self-hosted panel so far

Using Wappler’s Docker-Machine offers a better Wappler experience, but still has some downsides such as no straightforward way to configure rate limits. As you can see, all the current deployment methods have disadvantages

#12

If you have enough CPU and RAM in your VPS you can try with k8s and https://porter.run

#13

It’s out.

#14

Thanks for the heads-up! Actually I did try it out but it didn’t convince me enough. You can’t push code directly from your computer - it has to go through a hosted Git repo first - as well as the lack of configurable options at the web server side

1 Like